CVE-2012-6303

Snack Sound Toolkit - Heap-based Buffer Overflow in GetWavHeader

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-6303. PoCs published by Jean Pascal Pereira.

AI-analyzed exploit summary This exploit generates a malformed WAV file that triggers a memory corruption vulnerability in WaveSurfer 1.8.8p4, leading to a denial-of-service (DoS) condition. The crafted file contains invalid data structures that cause the application to crash upon parsing.

Description

Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large chunk size in a WAV file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jean Pascal Pereira · pythondoswindows

https://www.exploit-db.com/exploits/19772

View Code ZIP pw:eip

This exploit generates a malformed WAV file that triggers a memory corruption vulnerability in WaveSurfer 1.8.8p4, leading to a denial-of-service (DoS) condition. The crafted file contains invalid data structures that cause the application to crash upon parsing.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: WaveSurfer 1.8.8p4

No auth needed

Prerequisites: Ability to deliver a crafted WAV file to the target system

MITRE ATT&CK